This vulnerability allows local attackers to escalate privileges on affected installations of KeySight N6841A RF Sensor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
7.8CVSS
7.2AI Score
0.0005EPSS
This vulnerability allows local attackers to escalate privileges on affected installations of KeySight N6841A RF Sensor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
7.8CVSS
7.1AI Score
0.002EPSS
This vulnerability allows local attackers to escalate privileges on affected installations of KeySight N6841A RF Sensor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
7.8CVSS
7.1AI Score
0.002EPSS
This vulnerability allows local attackers to escalate privileges on affected installations of KeySight N6841A RF Sensor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
7.8CVSS
7.1AI Score
0.002EPSS
This vulnerability allows local attackers to escalate privileges on affected installations of KeySight N6841A RF Sensor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
7.8CVSS
7.1AI Score
0.002EPSS
Microsoft Inspire: Partner resources to prepare for the future of security with AI
Cybersecurity is one of the most pressing challenges of our time. With an ever-changing threat landscape and siloed data across multiple security point solutions, defenders have limited visibility. It’s difficult to stay current and find cybersecurity professionals amid the global talent shortage.....
6.7AI Score
Keysight N6845A Geolocation Server
EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Keysight Technologies Equipment: N6854A Geolocation Server Vulnerabilities: Exposed Dangerous Method or Function, Relative Path Traversal 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...
7.8CVSS
7.9AI Score
0.002EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8.0 and Eclipse OpenJ9. IBM Sterling Connect:Direct Browser User Interface has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle...
9.1CVSS
8.5AI Score
0.002EPSS
6.8CVSS
6.7AI Score
0.001EPSS
Authentication bypass in WordPress Plugin WooCommerce Payments
This week's Metasploit release includes a module for CVE-2023-28121 by h00die. This module can be used against any WordPress instance that uses WooCommerce Payments < 5.6.1. This module exploits an auth bypass vulnerability in the.....
9.8CVSS
8.2AI Score
0.924EPSS
Summary There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2023. Vulnerability Details CVEID: CVE-2023-21967 DESCRIPTION: An...
5.9CVSS
7.7AI Score
0.001EPSS
The firmware update package for the wireless card is not properly signed and can be...
5.7CVSS
5.7AI Score
0.0004EPSS
ZeusCloud - Open Source Cloud Security
ZeusCloud is an open source cloud security platform. Discover, prioritize, and remediate your risks in the cloud. Build an asset inventory of your AWS accounts. Discover attack paths based on public exposure, IAM, vulnerabilities, and more. Prioritize findings with graphical context. Remediate...
6.8AI Score
Piwigo CVE-2023-26876 Gather Credentials via SQL Injection
This module allows an authenticated user to retrieve the usernames and encrypted passwords of other users in Piwigo through SQL injection using the (filter_user_id)...
8.8CVSS
9.1AI Score
0.022EPSS
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 and IBM® Runtime Environment Java™ Version 1.8 used by Rational Functional Tester. Rational Functional Tester has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2023-21930 DESCRIPTION:.....
9.1CVSS
8AI Score
0.002EPSS
Summary IBM® Db2® with Federated configuration is vulnerable to arbitrary code execution as Db2 instance owner. Vulnerability Details CVEID: CVE-2023-35012 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) with a Federated configuration is vulnerable to a...
6.7CVSS
7.7AI Score
0.0004EPSS
Summary IBM® Db2® federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. Vulnerability Details CVEID: CVE-2023-30442 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) federated...
7.5CVSS
6.2AI Score
0.001EPSS
Summary IBM® Db2® JDBC driver is vulnerable to multiple remote code execution issues. These vulnerabilities are addressed. Vulnerability Details CVEID: CVE-2023-27869 DESCRIPTION: IBM Db2 JDBC Driver could allow a remote authenticated attacker to execute arbitrary code on the system, caused...
8.8CVSS
8.2AI Score
0.002EPSS
A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive...
6.5CVSS
6.3AI Score
0.001EPSS
AMD SEV VM Power Side Channel Security Bulletin
Bulletin ID: AMD-SB-3004 Potential Impact: Information disclosure Severity: Low Summary Researchers have reported a potential power side-channel attack using the Running Average Power Limit (RAPL) interface on AMD SEV VMs. The researchers focused only on the first generation of AMD SEV technology and....
6.5CVSS
6.6AI Score
0.001EPSS
Apache RocketMQ 5.1.0 Arbitrary Code Injection Exploit
RocketMQ versions 5.1.0 and below are vulnerable to arbitrary code injection. The Broker component of RocketMQ is leaked on the extranet and lacks permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that.....
9.8CVSS
9.7AI Score
0.973EPSS
Summary There are multiple vulnerabilities in IBM Runtime Environment Java Version 8 used by WebSphere eXtreme Scale. Vulnerability Details CVEID: CVE-2022-21426 DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to...
5.9CVSS
6.4AI Score
0.001EPSS
Exploit for Cleartext Storage of Sensitive Information in mRemoteNG
mRemoteNG <= v1.77.3.1784-NB Password Dumper...
7.5CVSS
8AI Score
0.003EPSS
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions. IBM Sterling Connect:Direct Web Services has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM...
9.1CVSS
8AI Score
0.002EPSS
Summary: Potential security vulnerabilities in BIOS firmware for some Intel® Processors may allow escalation of privilege and information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-33894 Description: Improper.....
6.1AI Score
0.0004EPSS
9.8CVSS
7.1AI Score
0.973EPSS
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with Liberty for Java for IBM Cloud. The CVE(s) listed in this document might affect some configurations of Liberty for Java for IBM Cloud. These products have addressed the applicable CVE(s). If...
9.1CVSS
7.9AI Score
0.002EPSS
Apache RocketMQ update config RCE
RocketMQ versions 5.1.0 and below are vulnerable to arbitrary code injection. The Broker component of RocketMQ is leaked on the extranet and lacks permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that.....
9.8CVSS
9.8AI Score
0.973EPSS
WordPress Plugin WooCommerce Payments Unauthenticated Admin Creation
WooCommerce-Payments plugin for WordPress versions 4.8-4.8.2, 4.9-4.9.1, 5.0-5.0.4, 5.1-5.1.3, 5.2-5.2.2, 5.3-5.3.1, 5.4-5.4.1, 5.5-5.5.2, and 5.6-5.6.2 contain an authentication bypass by specifying a valid user ID number within the X-WCPAY-PLATFORM-CHECKOUT-USER...
9.8CVSS
9.8AI Score
0.924EPSS
Summary CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938 and CVE-2023-2597 may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVEs. Vulnerability Details...
9.1CVSS
7.8AI Score
0.002EPSS
Summary CVE-2023-21930, CVE-2023-21967, CVE-2023-21954, CVE-2023-21939, CVE-2023-21968, CVE-2023-21937, CVE-2023-21938 and CVE-2023-2597 may affect IBM® SDK, Java™ Technology Edition shipped with IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVEs. Vulnerability Details...
9.1CVSS
7.8AI Score
0.002EPSS
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool. These issues were disclosed as part of the IBM Java SDK updates in Apr 2023. Vulnerability Details CVEID: CVE-2023-21930 DESCRIPTION: An unspecified vulnerability in...
9.1CVSS
8.1AI Score
0.002EPSS
Summary IBM WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM® Java SDK...
6.6AI Score
Summary APM JBoss, APM WebLogic and APM SAP NetWeaver Java™ Stack Agents are vulnerable to Apache Ant (ant-1.7.0.jar, ant-1.8.4.jar) CVE-2021-36373, CVE-2020-1945, CVE-2012-2098, CVE-2020-11979, CVE-2021-36374. The fix includes ant jar upgraded to ant-1.10.13.jar. Vulnerability Details CVEID:...
7.5CVSS
6.5AI Score
0.026EPSS